DARPA taps RTX to strengthen cyber resiliency
RTX's BBN Technologies has been awarded a DARPA contract for the Compartmentalization and Privilege Management (CPM) program. The company will develop the Analysis and Restructuring for Containment (ARC) tool to enhance cyber resilience by automatically subdividing software systems into secure compartments. This initiative addresses the critical need highlighted by over 12,000 cyber incidents in the U.S. Department of Defense since 2015. The ARC tool will focus on preventing unauthorized privilege escalations while maintaining system efficiency, implementing a balance between security and performance in critical software systems.
BBN Technologies di RTX ha ricevuto un contratto da DARPA per il programma di Compartmentalizzazione e Gestione dei Privilegi (CPM). L'azienda svilupperà lo strumento Analisi e Ristrutturazione per il Contenimento (ARC) per migliorare la resilienza informatica suddividendo automaticamente i sistemi software in compartimenti sicuri. Questa iniziativa affronta l'esigenza critica evidenziata da oltre 12.000 incidenti informatici nel Dipartimento della Difesa degli Stati Uniti dal 2015. Lo strumento ARC si concentrerà sulla prevenzione di escalation di privilegi non autorizzati, mantenendo l'efficienza del sistema e implementando un equilibrio tra sicurezza e prestazioni nei sistemi software critici.
BBN Technologies de RTX ha recibido un contrato de DARPA para el programa de Compartimentación y Gestión de Privilegios (CPM). La empresa desarrollará la herramienta Análisis y Reestructuración para el Contención (ARC) para mejorar la resiliencia cibernética dividiendo automáticamente los sistemas de software en compartimentos seguros. Esta iniciativa aborda la necesidad crítica resaltada por más de 12,000 incidentes cibernéticos en el Departamento de Defensa de EE. UU. desde 2015. La herramienta ARC se centrará en prevenir escaladas de privilegios no autorizados a la vez que mantiene la eficiencia del sistema, implementando un equilibrio entre seguridad y rendimiento en sistemas de software críticos.
RTX의 BBN 기술이 DARPA의 구획화 및 권한 관리(CPM) 프로그램을 위한 계약을 체결했습니다. 이 회사는 분석 및 격리 재구성 도구(ARC)를 개발하여 소프트웨어 시스템을 자동으로 안전한 구획으로 나누어 사이버 탄력성을 향상시킬 예정입니다. 이 이니셔티브는 2015년 이후 미국 국방부에서 발생한 12,000건 이상의 사이버 사건으로 강조된 중요성을 다룹니다. ARC 도구는 시스템의 효율성을 유지하면서 무단 권한 상승을 방지하는 데 집중하고, 중요한 소프트웨어 시스템에서 보안과 성능 간의 균형을 구현합니다.
BBN Technologies de RTX a reçu un contrat de la DARPA pour le programme de Compartimentation et de Gestion des Privilèges (CPM). L'entreprise développera l'Outil d'Analyse et de Restructuration pour le Containment (ARC) afin d'améliorer la résilience cybernétique en subdivisant automatiquement les systèmes logiciels en compartiments sécurisés. Cette initiative répond à un besoin critique mis en évidence par plus de 12 000 incidents cybernétiques au sein du Département de la Défense des États-Unis depuis 2015. L'outil ARC se concentrera sur la prévention des escalades de privilèges non autorisées tout en maintenant l'efficacité système, mettant en œuvre un équilibre entre la sécurité et la performance dans les systèmes logiciels critiques.
BBN Technologies von RTX hat einen DARPA-Vertrag für das Programm zur Kompartimentierung und Berechtigungsverwaltung (CPM) erhalten. Das Unternehmen wird das Analyse- und Restrukturierungstool zur Eindämmung (ARC) entwickeln, um die Cyber-Resilienz zu verbessern, indem Software-Systeme automatisch in sichere Kompartimente unterteilt werden. Diese Initiative reagiert auf das dringende Bedürfnis, das durch über 12.000 Cybervorfälle im US-Verteidigungsministerium seit 2015 aufgezeigt wurde. Das ARC-Tool wird sich darauf konzentrieren, unbefugte Berechtigungseskalationen zu verhindern, während die Systemeffizienz erhalten bleibt, und ein Gleichgewicht zwischen Sicherheit und Leistung in kritischen Software-Systemen implementieren.
- Secured significant government contract with DARPA for cybersecurity development
- Addresses large market opportunity with over 12,000 DoD cyber incidents since 2015
- Leverages existing BBN capabilities in cybersecurity and software analysis
- None.
Insights
The DARPA contract for RTX's BBN Technologies represents a significant advancement in defense cybersecurity infrastructure. The ARC tool's development addresses a critical vulnerability in military systems, evidenced by the 12,000+ cyber incidents since 2015. The compartmentalization approach is particularly innovative as it maintains system performance while enhancing security - a important balance rarely achieved in cybersecurity solutions.
The project's focus on automated analysis and privilege management could position RTX as a leader in next-generation defense cybersecurity. While the contract's monetary value isn't disclosed, the strategic importance is substantial given the Department of Defense's increasing cybersecurity spending and the potential for commercial applications. The collaboration with prestigious institutions strengthens the technical foundation and increases the likelihood of successful implementation.
This contract reinforces RTX's position in the critical defense technology sector and aligns with the Pentagon's increasing focus on cyber resilience. The development of the ARC tool could lead to additional defense contracts and potential commercialization opportunities in the private sector, where cybersecurity spending is growing exponentially. The involvement of multiple research institutions indicates a comprehensive approach that could yield significant intellectual property value.
The timing is particularly strategic given the rising geopolitical tensions and increased focus on protecting critical infrastructure. While the immediate revenue impact may be modest relative to RTX's size, the long-term potential for technology licensing and integration into other RTX products could create meaningful value streams.
RTX BBN Technologies to develop tool that compartmentalizes software systems to prevent escalation of cyberattacks
According to the
Under CPM, BBN is developing the Analysis and Restructuring for Containment (ARC) tool to thwart unauthorized privilege escalations and lateral movements within software systems. ARC will be engineered to automatically analyze large code bases and construct smaller, secure compartments. By applying the principle of least privilege at a sub-program level, the tool will ensure that only the minimum access necessary is granted for code to execute. This approach to software security will significantly limit the scope of potential damage in the event of a successful infiltration of the software.
"Today's complex attack surfaces and increasingly sophisticated cyberattacks mean that even a single point of vulnerability can compromise an entire system," said Aaron Paulos, BBN principal investigator. "Our solution will enhance the security of critical software systems while preserving performance, which is essential for maintaining operational readiness. The goal is to create compartments that isolate risks, making systems more resistant to cyberattacks."
A key element of the program is the requirement to minimize the impact of compartmentalization on overall performance while producing secure, tight compartments. To achieve this, ARC will generate solutions that balance multiple objectives. For instance, some parts of software application will require performant access, while others might introduce significant exposure to risk. The tool will enable system administrators to selectively apply security measures to those areas deemed most critical, as a way of managing the trade-offs between performance and security.
ARC builds on several unique capabilities from BBN's prior work in cybersecurity and software analysis. The team intends to integrate capabilities that use:
- Automated program analysis to assess and identify potential threats in software, ensuring thorough evaluation and security.
- Verifiable program restructuring to improve security and controls, including adjustments to memory and function usage.
- Automated reasoning to develop effective security solutions by exploring different options and balancing performance with risk management.
The BBN-led team includes Northwestern University, George Washington University and Kestrel Institute. Work on the program will be completed in
This material is based upon work supported by the United States Air Force and DARPA under contract number FA8750-23-C-B031. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author and do not reflect the views of the United States Air Force and DARPA.
About RTX BBN Technologies
Founded in 1948, RTX BBN Technologies provides advanced technology research and development with a focus on national security priorities. From the ARPANET to the first email, through the first metro network protected by quantum cryptography, BBN consistently transitions advanced research to produce innovative solutions for its customers. BBN takes risks and challenges conventions to create solutions in analytics and machine intelligence, networks and sensors, intelligent software and systems, and physical sciences.
About RTX
With more than 185,000 global employees, RTX pushes the limits of technology and science to redefine how we connect and protect our world. Through industry-leading businesses – Collins Aerospace, Pratt & Whitney, and Raytheon – we are advancing aviation, engineering integrated defense systems for operational success, and developing next-generation technology solutions and manufacturing to help global customers address their most critical challenges. The company, with 2023 sales of
For questions or to schedule an interview, please contact corporatepr@rtx.com
View original content:https://www.prnewswire.com/news-releases/darpa-taps-rtx-to-strengthen-cyber-resiliency-302298844.html
SOURCE RTX
FAQ
What is RTX developing for DARPA's CPM program?
How many cyber incidents has the U.S. Department of Defense faced since 2015?
What universities are partnering with RTX on the DARPA CPM program?